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REMARKS 

Claims 1-25 are pending, of which claims 1 and 8 are independent method claims with 
generally corresponding computer program product claims 13 and 20, and claim 25 is an 
independent system. By this paper, claims 1, 8, 13, 20, and 25 have been amended, as indicated 
above. 

The Office Action objected to Figure 2 for failing to include a reference number 206b as 
described in the Specification at line 9 of page 15. In the amended Figure 2 attached to this 
paper, Applicants have corrected the typographical error in the reference number for the server 
on the right side of memory 208 from "206a" (which is the correct reference number for the 
server on the left side of memory 208) to "206b" in order to make the reference number 
consistent with the Specification at line 9 of page 15. 

The Office Action rejected claims 1-25 under 35 U.S.C. § 103(a) as being unpatentable 
over U.S. Patent No. 6,061,740 to Ferguson at al. ("Ferguson") in view of U.S. Patent No. 
. 6,385,618 to Ngetal.CWs"). 1 

Applicants' invention, as claimed for example in independent method claim 1 relates to 
supporting different security descriptor specifications for the same object. The method includes 
- converting a first security descriptor into a version of the first security descriptor that follows a 
second security descriptor specification, comparing the converted version of the first security 
descriptor with a second security descriptor, and changing the second security descriptor to 
reflect at least one security permission change as represented in the converted version of the first 
security descriptor so that any changes to the second security descriptor are non-degenerative 
and reversible. The method further includes undoing the at least one security permission change 
in the second security descriptor, converting the second security descriptor into a version of the 
second security descriptor that follows the first security descriptor specification, comparing the 
converted version of the second security descriptor with the first security descriptor, and 
changing the first security descriptor to reflect the undone security permission change as 
represented in the converted version of the second security descriptor so that any change to the 



Although the prior art status of Ferguson and Ng is not being challenged at this time, Applicants reserve the 
right to do so in the future. Accordingly, any arguments and amendments made herein should not be construed as 
acquiescing to any prior art status or asserted teachings of Ferguson and Ng. 
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first security descriptor is non-degenerative and reversible. Each of the pending independent 
claims is directed to similar subject matter. 

Ferguson discloses an administration system for centralized management of a 
heterogenous network. Col. 8, 11. 41-42. With reference to Figure 4, a management service 
includes a set of representation objects 90 within a distributed directory for representing foreign 
objects 87. Col. 9, 11. 1-3. When a change to representation object 90 is detected, an event 
monitor sends a message to a replication agent 89 to synchronize foreign objects 87. Col. 9, 11. 
8-32. The administration system acts as a one-way synchronization between replication objects 
90 and the foreign objects 87. Col. 9, 11. 35-37. In an example illustrated in Figure 6 that 
involves Microsoft's Security Accounts Manager ("SAM") and Novell Directory Services 
("NDS"), Ferguson states that NDS values trump SAM values. Col. 14, 11. 33-35. 

Ng discloses an object-relational mapping tool. Col. 3, 11. 33-38. The object-relational 
mapping tool reads a database to examine its schema, constructs a data structure to reflect this 
schema, generates an object model based on the data structure, and creates source code based on 
the object model. Col. 5, 11. 23-27. Using the object-relational mapping tool, a programmer can 
customize the object model. Col. 6, 11. 4-5. After the programmer customizes the object model, 
however, a database administrator may_update the database. Col. 7, 11. 5-12. In order to keep - 
from losing the customization when the programmer updates the source code to include the 
database update, the object relational mapping tool, imports the new database schema to create a 
new data structure, compares the old data structure with the new data structure to isolate the 
database changes, updates the object model to reflect the identified database changes without 
disturbing the changes made by the programmer, and generates new source code from the 
updated object model. Col. 7, 11. 13-60. Similar to Ferguson, Ng also discloses a one-way 
operation from schema to data structure to object model to source code. 

Accordingly, Ferguson and Ng fail to teach, suggest, or motivate non-degenerative and 
reversible changes to different security descriptors for the same object. Among other things, 
Ferguson and Ng fail to teach, suggest, or motivate: (i) converting a first security descriptor into 
a version of the first security descriptor that follows a second security descriptor specification, 
(ii) changing a second security descriptor to reflect at least one security permission change as 
represented in the converted version of the first security descriptor, (iii) undoing the at least one 
security permission change in the second security descriptor, (iv) converting the second security 
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descriptor into a version of the second security descriptor that follows the first security descriptor 
specification, (v) changing the first security descriptor to reflect the undone security permission 
change as represented in the converted version of the second security descriptor, so that any 
changes to the first and second security descriptor are non-degenerative and reversible, as 
claimed for example in independent method claim 1. Similar reasoning applies to each of the 
other pending independent claims, 8, 13, 20, and 25. Applicants respectfully submit, therefore, 
that the rejection of the pending claims under 35 U.S.C. § 103(a) as unpatentable over Ferguson 
in view of Ng should be withdrawn. 

Applicants also respectfully submit that the motivation or rationale to combine Ferguson 
and Ng as stated in the Office Action is improper. Specifically, the Office Action asserts that "it 
would have been obvious to one of ordinary skill in the art at the time the invention was made to 
modify the method of Ferguson ... in order to alleviate programmers from having to recreate 
their customization ... as taught by Ng ... to save significant development time." Office 
Action, p. 4 (rejection of claim 1). However, "[i]t is improper to combine references where the 
references teach away from their combination." MPEP § 2145(X)(D)(2). Furthermore, "[a] 
prior art reference that 'teaches away' from the claimed invention is a significant factor to be 
considered in determining obviousness." MPEP § 2145(X)(D)(1). As indicated above, 
Ferguson teaches that NDS values trump SAM values, which is contrary to Applicants' claimed 
invention for non-degenerative and reversible changes, as claimed for example in independent 
claims 1, 8, 13, 20, and 25, and is contrary to Ng's goal preserving programmer customization 
to the object model. Keeping in mind that Ferguson's teaching that NDS values trump SAM 
values is in connection with an integration utility for user and group objects underscores the 
relevance of Ferguson's contrary position with respect to Applicants claimed invention. 

Based on at least the foregoing reasons, Applicants respectfully submit that the cited prior 
art fails to anticipate or make obvious Applicants invention, as claimed for example, in 
independent claims 1, 8, 13, 20, and 25. Applicants note for the record that the remarks above 
render the remaining rejections of record for the independent and dependent claims moot, and 
thus addressing individual rejections or assertion with respect to the teachings of the cited art is 
unnecessary at the present time, but may be undertaken in the future if necessary or desirable, 
and Applicants reserve the right to do so. 
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In the event that the Examiner finds any remaining impediment to a prompt allowance of 
this application that may be clarified through a telephone interview, the Examiner is requested to 
contact the undersigned attorney. 

Dated this 29 th day of April, 2004. 




RICK D. NYDEGGER 
Registration No. 28,651 
ERIC M. KAMERATH 
Registration No. 46,081 
Attorneys for Applicant 
Customer No. 022913 
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